<?php

// page header, and any additional required libraries
include 'header.php';
// minimum permission to view page
valid_login($action_permission['read']);
//#############################################################################
// PRINT COMMAND FORM
//#############################################################################
function print_commands_form()
{
global $output, $lang_command, $realm_id, $world_db, $action_permission, $user_lvl, $gm_level_arr;
$levels = $gm_level_arr;
$sqlw = new SQL;
$sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
$query = $sqlw->query('SELECT name, help, security FROM command WHERE security <= '.$user_lvl.'');

while ($data = $sqlw->fetch_assoc($query))
{
	$comm = explode("\r\n", $data['help'], 2);
	$levels[$data['security']][3] .= '
	<tr>
		'.(($user_lvl >= $action_permission['update']) ? '<td><input type="checkbox" name="check['.$data['name'].']" value="'.$data['security'].'" /></td>' : '<td></td>').'
		<td align="left">'.$data['name'].'</td>
		<td>'.htmlentities(ereg_replace("[a-zA-Z ]+:* *\.", ".", $comm[0]), ENT_QUOTES, 'UTF-8').'</td>
		<td>'.(isset($comm[1]) ? str_replace("\r\n", "<br />", str_replace("\r\n\r\n", "<br />", htmlentities($comm[1], ENT_QUOTES, 'UTF-8'))): '').'</td>
	</tr>';
}
unset($comm);
unset($data);
unset($query);

$output .= '
<center>
<form method="get" action="command.php" name="form">
	<input type="hidden" name="action" value="update" />';
	for ($i=0; $i<=$user_lvl; ++$i)
	{
		$output .= '
		<table style="width: 720px; text-align: left;" class="lined">
			<tr>
				<th><div id="div'.$levels[$i][1].'" onclick="expand(\''.$levels[$i][1].'\', this, \''.$levels[$i][1].'\');">[+] '.$levels[$i][1].' :</div></th>
			</tr>
		</table>
		<table id="'.$levels[$i][1].'" class="lined" style="width: 720px; text-align: left; display: none">
			<tr style="text-align: center;">
				<th width="2%"></th>
				<th width="13%">'.$lang_command['command'].'</th>
				<th width="20%">'.$lang_command['syntax'].'</th>
				<th width="65%">'.$lang_command['description'].'</th>
			</tr>'.$levels[$i][3];

if($user_lvl >= $action_permission['update'])
{
	$output .= '
	</table>
	<br />
	<table class="hidden" style="width: 720px;">
		<tr>
			<td>';
				makebutton($lang_command['change_level'], 'javascript:do_submit()',280);
				$output .= '
			</td>
		</tr>';
}
$output .= '
</table>
<br />';
}
$output .= '
</form>
</center>';
}
//#############################################################################
//  UPDATE COMMAND LEVEL
//#############################################################################
function update_commands()
{
global $output, $lang_global, $lang_command, $action_permission, $user_lvl, $gm_level_arr;
valid_login($action_permission['update']);

if(isset($_GET['check'])) $check = $_GET['check'];
else redirect('command.php?error=1');

$output .= '
<center>
<form method="get" action="command.php" name="form">
	<input type="hidden" name="action" value="doupdate" />
		<table class="lined" style="width: 700px;">
			<tr>
				<th width="1%"></th>';
				for ($i=0; $i<=$user_lvl; ++$i)
				{
					$output .= '
					<th width="1%">'.$gm_level_arr[$i][1].'</th>';
				}
				$output .= '
			</tr>';

			$commands = array_keys($check);
			$n_commands = count($check);
			for ($i=0; $i<$n_commands; ++$i)
			{
				$output .= '
				<tr>
					<td>'.$commands[$i].'</td>';
					for ($j=0; $j<=$user_lvl; ++$j)
					{
						$output .= '
						<td>
							<input type="radio" name="change['.$commands[$i].']" value="'.$j.'"';
							if ($j==$check[$commands[$i]])
							$output .= ' checked="checked"';
							$output .= ' />
						</td>';
					}
					$output .= '
				</tr>';
			}
unset($n_commands);
unset($commands);
unset($check);
$output .= '
</table>
</form>
<table width="300" class="hidden">
	<tr>
		<td>';
			makebutton($lang_command['save'], 'javascript:do_submit()" type="wrn', 130);
			makebutton($lang_global['back'], 'command.php" type="def', 130);
			$output .= '
		</td>
	</tr>
</table>
</center';
}
//#############################################################################
//  DO UPDATE COMMAND LEVEL
//#############################################################################
function doupdate_commands()
{
global $output, $realm_id, $world_db, $action_permission;
valid_login($action_permission['update']);

$sqlw = new SQL;
$sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);

if(isset($_GET['change']))
$change = $sqlw->quote_smart($_GET['change']);
else
redirect('command.php?error=1');

$commands = array_keys($change);
$n_commands = count($change);
for ($i=0; $i<$n_commands; ++$i)
{
	$query = $sqlw->query('UPDATE command SET security = '.$change[$commands[$i]].' WHERE name= \''.$commands[$i].'\'');
}
unset($n_commands);
unset($commands);
unset($change);
redirect('command.php');
}
//#############################################################################
// MAIN
//#############################################################################
$err = (isset($_GET['error'])) ? $_GET['error'] : NULL;

$output .= '
<div class="top">';

$lang_command = lang_command();

if(1 == $err)
$output .= '
<h1><font class="error">'.$lang_global['empty_fields'].'</font></h1>';
else
$output .= '
<h1>'.$lang_command['command_list'].'</h1>';

unset($err);

$output .= '
</div>';

$action = (isset($_GET['action'])) ? $_GET['action'] : NULL;

if ('update' == $action)
update_commands();
elseif ('doupdate' == $action)
doupdate_commands();
else
print_commands_form();

unset($action);
unset($action_permission);
unset($lang_command);

include 'footer.php';

?>
